Content differences:
--- /etc/confd/templates/_etc_haproxy_conf.d_tls.cfg.tmpl.orig
+++ /etc/confd/templates/_etc_haproxy_conf.d_tls.cfg.tmpl
@@ -168,37 +168,37 @@
# A for net=wikimedia_trust|internal
# F for abuse=
# E otherwise
- http-request set-var(req.provenance,ifnotexists) str('net=wikimedia-trust') if wikimedia_trust
+ http-request set-var(txn.provenance,ifnotexists) str('net=wikimedia-trust') if wikimedia_trust
acl is_private_network src 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 127.0.0.0/8 ::1
- http-request set-var(req.provenance,ifnotexists) str('net=internal') if is_private_network
+ http-request set-var(txn.provenance,ifnotexists) str('net=internal') if is_private_network
# AWS Elastic IPs used by the Wikimedia Enterprise project reported in the following tasks over time:
# T255524 T294798 T370294
acl is_wme_client src 3.23.12.83/32 3.211.48.168/32 44.206.140.241/32 35.168.168.219/32 35.172.30.169/32 3.222.74.115/32
- http-request set-var(req.provenance,ifnotexists) str('net=wme') if is_wme_client
- http-request set-var(req.trusted_request) str(A) if { var(req.provenance) -m found }
+ http-request set-var(txn.provenance,ifnotexists) str('net=wme') if is_wme_client
+ http-request set-var(req.trusted_request) str(A) if { var(txn.provenance) -m found }
# check if the IP is included in one of our ipblocks
- http-request set-var(req.provenance,ifnotexists,ifnotempty) src,map_ip(/etc/haproxy/ipblocks.d/all.map)
+ http-request set-var(txn.provenance,ifnotexists,ifnotempty) src,map_ip(/etc/haproxy/ipblocks.d/all.map)
# ensure that WMCS is marked as trusted.
- http-request set-var(req.trusted_request,ifnotexists) str(A) if { var(req.provenance) -m sub "cloud=wmcs" }
- http-request set-var(req.trusted_request,ifnotexists) str(F) if { var(req.provenance) -m beg "abuse=" }
+ http-request set-var(req.trusted_request,ifnotexists) str(A) if { var(txn.provenance) -m sub "cloud=wmcs" }
+ http-request set-var(req.trusted_request,ifnotexists) str(F) if { var(txn.provenance) -m beg "abuse=" }
# If everything else failed, find an isp in maxmind
- http-request set-var(req.provenance,ifnotexists,ifnotempty) lua.fetch_isp,lower,bytes(0,64)
+ http-request set-var(txn.provenance,ifnotexists,ifnotempty) lua.fetch_isp,lower,bytes(0,64)
# lookup failed
- http-request set-var(req.provenance,ifnotset) str('net=unknown')
+ http-request set-var(txn.provenance,ifnotset) str('net=unknown')
http-request set-var(req.ip_reputation,ifnotexists,ifnotempty) src,map_ip_key(/etc/haproxy/ip-reputation.d/top_10000_ips_requestctl_webrequest_text_7days.map)
http-request set-var(req.ip_reputation,ifnotexists,ifnotempty) src,map_ip_key(/etc/haproxy/ip-reputation.d/top_10000_ips_requestctl_webrequest_upload_7days.map)
- http-request set-var(req.provenance) var(req.provenance),add_item(";",,"top_historical_webrequest=true") if { var(req.ip_reputation) -m found }
+ http-request set-var(txn.provenance) var(txn.provenance),add_item(";",,"top_historical_webrequest=true") if { var(req.ip_reputation) -m found }
# Check if the request originates from a known datacenter.
http-request lua.is_datacenter
- http-request set-var(req.provenance) var(req.provenance),add_item(";",,"datacenter=true") if { var(txn.is_datacenter) -m bool }
+ http-request set-var(txn.provenance) var(txn.provenance),add_item(";",,"datacenter=true") if { var(txn.is_datacenter) -m bool }
http-request lua.cidergrinder_mmdb_lookup unless { var(sess.cidergrinder_mmdb_result) -m found }
http-request set-var(sess.prehashed) src,ipmask(32,64),xxh3 unless { var(sess.cidergrinder_mmdb_result) -m found } || { var(sess.prehashed) -m found }
http-request lua.bloom_lookup unless { var(sess.cidergrinder_mmdb_result) -m bool }
- http-request set-var(req.provenance) var(req.provenance),add_item(";",,"likely_resiproxy=true") if { var(sess.cidergrinder_mmdb_result) -m bool } || { var(sess.bloom_result) -m bool }
+ http-request set-var(txn.provenance) var(txn.provenance),add_item(";",,"likely_resiproxy=true") if { var(sess.cidergrinder_mmdb_result) -m bool } || { var(sess.bloom_result) -m bool }
http-request lua.res_proxy # sets var txn.res_proxy to `proxy=foo` (or, doesn't)
- http-request set-var(req.provenance) var(req.provenance),add_item(";",txn.res_proxy,"") if { var(txn.res_proxy) -m found }
+ http-request set-var(txn.provenance) var(txn.provenance),add_item(";",txn.res_proxy,"") if { var(txn.res_proxy) -m found }
# txn.x_requestctl gets populated by matching requestctl rules. Here, we prepare to log it via
# txn.x_analytics. The ifnotexists here is purely defensive.
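Review bot: The rule that sets `req.trusted_request` to A keys on `var(txn.provenance) -m found`, so the grade follows from the variable merely existing rather than from its value. Every write above it uses `ifnotexists`, so anything that populated txn.provenance before this block (not visible in the hunk) would also be graded A. Matching the values explicitly ties the trust decision to the three ACLs above: `http-request set-var(req.trusted_request) str(A) if { var(txn.provenance) -m str net=wikimedia-trust net=internal net=wme }`. The header comment is also out of step with the rules: it lists `net=wikimedia_trust|internal`, while the rules write `net=wikimedia-trust` and grade `net=wme` and `cloud=wmcs` as A too. I would change it to `# A for net=wikimedia-trust|internal|wme and cloud=wmcs`. The block starts and ends outside the hunk.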
@@ -247,7 +247,7 @@
{{- end }}
# Requestctl known-client identification rules are enabled.
- # NOTE: known-client rules fetch req.provenance and may set both req.provenance and req.trusted_request.
+ # NOTE: known-client rules fetch txn.provenance and may set both txn.provenance and req.trusted_request.
{{- $path := "/request-haproxy-known-client-dsl/common/eqiad" -}}
{{- if not (exists $path) }}
@@ -260,7 +260,7 @@
{{- end }}
# Set X-Provenance to its final authoritative value, if available.
- http-request set-header X-Provenance %[var(req.provenance)] if { var(req.provenance) -m found }
+ http-request set-header X-Provenance %[var(txn.provenance)] if { var(txn.provenance) -m found }
# Image provenance.
# Set image link generator, possible values are defined by MediaWiki, See:
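Review bot: The `set-header X-Provenance` rule only fires when `var(txn.provenance) -m found`, so on any path where the variable is unset a client-supplied X-Provenance header would be forwarded unchanged, unless it is deleted somewhere outside this hunk. The comment calls the value authoritative, so I would put `http-request del-header X-Provenance` ahead of this rule to ensure the header can only carry the value computed here. The earlier `ifnotset` fallback to `net=unknown` probably means the variable is always present, but that depends on the known-client rules between the two hunks, which are not visible here.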